diff --git a/gns3server/api/routes/controller/users.py b/gns3server/api/routes/controller/users.py
index 9901dd5c..0bd6373d 100644
--- a/gns3server/api/routes/controller/users.py
+++ b/gns3server/api/routes/controller/users.py
@@ -54,7 +54,7 @@ async def login(
 ) -> schemas.Token:
     """
     Default user login method using forms (x-www-form-urlencoded).
-    Example: curl http://host:port/v3/users/login -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin&password=admin"
+    Example: curl -X POST http://host:port/v3/access/users/login -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin&password=admin"
     """
 
     user = await users_repo.authenticate_user(username=form_data.username, password=form_data.password)
@@ -76,7 +76,7 @@ async def authenticate(
 ) -> schemas.Token:
     """
     Alternative authentication method using json.
-    Example: curl http://host:port/v3/users/authenticate -d '{"username": "admin", "password": "admin"}' -H "Content-Type: application/json"
+    Example: curl -X POST http://host:port/v3/access/users/authenticate -d '{"username": "admin", "password": "admin"}' -H "Content-Type: application/json"
     """
 
     user = await users_repo.authenticate_user(username=user_credentials.username, password=user_credentials.password)
diff --git a/tests/api/routes/controller/test_users.py b/tests/api/routes/controller/test_users.py
index 94262fdb..9a9b51ae 100644
--- a/tests/api/routes/controller/test_users.py
+++ b/tests/api/routes/controller/test_users.py
@@ -266,6 +266,7 @@ class TestUserLogin:
         (
             ("wrong_username", "user1_password", status.HTTP_401_UNAUTHORIZED),
             ("user1", "wrong_password", status.HTTP_401_UNAUTHORIZED),
+            ("user1", "", status.HTTP_401_UNAUTHORIZED),
             ("user1", None, status.HTTP_422_UNPROCESSABLE_ENTITY),
         ),
     )
@@ -284,6 +285,8 @@ class TestUserLogin:
             "username": username,
             "password": password,
         }
+        if password is None:
+            del login_data["password"]
         response = await unauthorized_client.post(app.url_path_for("login"), data=login_data)
         assert response.status_code == status_code
         assert "access_token" not in response.json()